Last week we launched our first of three videos called “Meet Jim, A Model Employee … and Phishing Target” where Jeremy Piven discusses a major cybersecurity issue hitting organizations on a daily basis. The issue that was covered was phishing attacks that target innocent employees to take action that puts their personal information at risk and would take control of the corporate network. The message seems to be resonating with over 142,000 views within one week.
The second video that we are launching this week called “Ransomware Just Put Katie’s System Into Lockdown” centers around the major issue of ransomware and again, how an innocent employee who is getting hundreds of resumes for her role as an HR recruiter, gets duped to download malware by opening up a resume sent as a Word document. The malware ends up being ransomware and locks-up her machine until she pays a ransom to release her data.
The Federal Bureau of Investigation said ransomware attacks cost victims $209 million in the first three months of the year, which is about $330,000 an incident. And, almost 40 percent of enterprises have been hit by ransomware in the last year.
Here are three things to consider when it comes to ransomware:
- Ransomware cybercrime kits are readily accessible on the black market, enabling non-technical cybercriminals to license and deploy them in the execution of a ransomware campaign.
- Most organizations focus only on prevention, without formulating a “Plan B” to rely on when prevention doesn’t work. Traditional preventive systems, such as AV, are increasingly unable to detect and block the constantly changing flavors of ransomware.
- There is no single “ransomware security product” available. Since no single product can provide adequate protection because of the multifaceted nature of ransomware, and the creativity of the attackers who wield it, protection from ransomware must also be multi-faceted.
So, what happens when ransomware hits an organization? A lot:
- Organizations suffer from crippled productivity.
- Employees are locked out of vital productivity tools like email, calendars and contact lists, as well as other applications and files on affected systems.
- Customers are often impacted because customer-facing operations that are highly dependent on IT are not functional.
- Organizations often succumb to the pressure to pay the ransom to regain access to their applications and data, motivating and financing attackers to expand their ransomware campaigns.
- Data can be lost, damaged or corrupted after an attack, as not all ransomware is bug- free. And, in some cases, the attackers, if not paid in a timely manner, will destroy the decryption keys or some of your data in retribution.
As cybersecurity issues, such as ransomware, continue to be top-of-mind, Mimecast is committed to educating the millions of employees, C-Suite and board members on the impact of not only cyberthreats but also, the fact that employees take an inadvertent active role as a trusted insider to launch an attack against the company.
Telling the story of who your company is, and what you do is a consistent struggle for any business. As the nature of cyberattacks continues to evolve and get more interest beyond IT and Infosec, we here at Mimecast took an approach to conveying the problems organizations face in a way that everyone can understand. In other words….information security has gone mainstream and everyone is talking about it.
Because of this, we're taking a different approach to engaging the market. We're adding personality and a familiar face to convey the passion we have each and every day at solving major cybersecurity issues for global organizations.
That is why we engaged one of my favorite actors - Jeremy Piven a.k.a Mr. Selfridge or Ari Gold.
Working with Jeremy Piven and the production team was a great experience. Jeremy is a true artist with a strong desire for perfection and challenged us to help him convey the problem in a way that everyone can understand. Being that I have worked in the information security industry for over 16 years, I have found that we (the proverbial InfoSec vendors and professionals) overcomplicate the problem organizations face…only to leave the Board of Directors and the C-suite wondering what the true ROI is on their Infosec spend. The challenge was accepted by our team and we came up with an approach and message that everyone can understand within 60 seconds. The commercial project was an amazing and humbling experience that resulted in a three-part video series that will be rolling out over the next several weeks. The first of three video segments begins this week with our Protect Against Malicious Email URL Attacks video.
So you can get a sense of the problem the market is facing and our solution that helps protect against phishing attacks, below is the script of the first video for your reference.
JEREMY PIVEN: This is Jim. Jim is a model employee. So, when Jim gets an e-mail with the subject line "Employee Survey" with instructions to "click here to complete the survey", he eagerly clicks the link to provide his feedback.
JEREMY PIVEN: What Jim doesn't know is that e-mail was actually a phishing scam, and by clicking that URL, he just downloaded a remote access trojan that has given a cybercriminal remote access to his
computer and the corporate network.
JIM: No, no, no, no. . .
JEREMY PIVEN: Phishing scams like these, fooling innocent employees, happen every day and can cost your company thousands.
JEREMY PIVEN: For protection from cyberattacks like these, get Mimecast.
JEREMY PIVEN: Industry leading protection from spear-phishing, impersonation, and ransomware attacks.
JEREMY PIVEN: Mimecast, making email safer for business.
JEREMY PIVEN: It'll be alright.
As information security continues to be top of mind for businesses and continues to go “mainstream,” I challenge the rest of the security industry to commit to educating all businesses and their employees, C-suite and Board of Directors to better understand the impact of cyberattacks. Also, let’s educate them on how to best safeguard against different types of email attacks and the role employees play in launching an attack. I say, challenge accepted.
As the RSA Conference team gears up for their 25th year anniversary gala I’m proud to say that my 16 years in the information security industry has provided me the opportunity to participate at various levels, including a run as the GM of the RSA Conference in 2014 - one of the most contested times the industry has faced.
My career has recently brought me to a great company, Mimecast, and we’re well positioned to not only transform how companies approach email security and data protection for “always on” email communications via the cloud, Mimecast is also well positioned to transform the Information Security industry as a whole.
A lot has happened at Mimecast since the last RSA Conference – we’ve become a public company, trading on NASDAQ. And, we’ve grown: we’ve added thousands of new customers and their employees, and we’ve expanded our global business, adding more employees, taking us to over 600 people with me being one of the new Mimecasters.
In that time, the security industry has also changed – some good, as we all continue to innovate and challenge each other as white hats to help organizations advance their approach to protect the public and private sectors from the individuals, groups and nation-states that attack the fabric of commerce, PII, and corporate “crown jewels”. Some bad as we are all reminded daily about the new threats, breaches and attacks impacting organizations of all sizes, in all industries as well as all corners of the world. The safety of data is a mainstream issue, with public bodies, companies and individuals focussing on their own security agenda like never before.
Which is why RSA 2016 is going to be another great week for cyber-security thought leaders as we come together to share the strategies, techniques and new technologies needed to better protect our ourselves, our families, employees, and organizations in 2016.
This week Mimecast will not only be exhibiting at RSA Conference, booth #2438, we also will be doing our part to educate and share our perspective on the key security trends we are seeing across our cloud security service. Our position is a unique one since we handle the emails of over 16,000 customers at a clip of 180 million emails per day allowing our Mimecast security experts to see the latest threats that are impacting the global economy each and every day. And…as I’ve always promised when leading the marketing teams of the many great companies I’ve been honored to be part of Mimecast will not only present our solutions but we’ll do it in the context of education and insight of the very attacks that our experts track. We’ll also be presenting best practices, actionable intelligence and ways that go beyond Mimecast solutions to help solve one of the most pressing problems the industry faces – email security.
An example of this actionable intelligence is our recently launched global study, Mimecast Business Email Threat Report 2016: Email Security Uncovered, which we’ll be discussing and sharing the results of at RSA this week. It highlights the critical risks created by relying on service, like Office 365, for mission critical services such as email.
Every year the RSA Conference proves to be a great week for education, reuniting with friends, big deals and for the security industry as a whole. I’ll be engaging with as many people as I can to discuss key trends that will help define how we collectively can revolutionize our approach to cyber-security. We have to make greater gains against the adversaries who have out-paced all of us over the years. The team at Mimecast will be posting perspectives on what’s occupying everyone’s minds on this blog, our Twitter feed, as well as our LinkedIn and Facebook pages.
I’ll be presenting my thoughts and views on what I see/hear this week via this blog and via Twitter @alexebender. I also look forward to reading everyone’s perspective so that I can continue to learn from the best minds in the industry.